#!/usr/bin/env bash


# ----------------------------------------------------------------------
# Filename	:  suPam 
# Version	:  1.0
# Date		:  2022/02/21
# Author	:  Lz
# Email		:  liuzuo@kylinos.com.cn 
# History	:     
#            	   Version 1.0, 2022/02/21
# Function	:  su命令限制
# Out		:        
#              0 => TPASS
#              1 => TFAIL
#              other=> TCONF
# ----------------------------------------------------------------------


# 测试主题
Title_Env_LTFLIB="安全加固(接入类) - su命令限制"


## TODO : 个性化,初始化
#   Out : 0=>TPASS
#         1=>TFAIL
#         2=>TCONF
TestInit_LTFLIB(){
	if [ "Z${SuPam_Access_SSRFlag}" == "Z" ];then
		OutputRet_LTFLIB "${ERROR}"	
		TestRetParse_LTFLIB "未定义变量 SuPam_Access_SSRFlag"
	elif [ "Z${SuPam_Access_SSRFlag}" != "ZTrue" -a "Z${SuPam_Access_SSRFlag}" != "ZFalse" ];then
		OutputRet_LTFLIB "${ERROR}"	
		TestRetParse_LTFLIB "SuPam_Access_SSRFlag 无效的参数: ${SuPam_Access_SSRFlag}"
	fi

        return $TPASS
}


## TODO : 清理函数
#   Out : 0=>TPASS
#         1=>TFAIL
#         2=>TCONF
TestClean_LTFLIB(){
        return $TPASS
}


## TODO : 测试用例集
#   Out : 0=>TPASS
#         1=>TFAIL
#         2=>TCONF
Testsuite_LTFLIB(){
        testcase_1

        return $TPASS
}

# su命令限制,文件内容测试
testcase_1(){
        local flag_str="auth	+required	+pam_wheel.so"
        local true_str="^${flag_str}"

        # 查看文件中配置
        local file_conf="/etc/pam.d/su"
        local cmd="cat ${file_conf}"

	# 判断是否需要存在 $flag_str
	local reverse="no"
	if [ "Z${SuPam_Access_SSRFlag}" == "ZTrue" ];then
		reverse="no"	
	else
		reverse="yes"	
	fi

	if [ "Z${reverse}" == "Zno" ];then
		eval ${cmd} | grep -E "${flag_str}"
        	eval ${cmd} | grep -Eq "${true_str}"
        	CommRetParse_LTFLIB "${cmd}查询,要求存在${true_str}" "False" "${reverse}"
	else
		eval ${cmd} | grep -E "${flag_str}"
        	eval ${cmd} | grep -Eq "${true_str}"
        	CommRetParse_LTFLIB "${cmd}查询,要求不存在${true_str}" "False" "${reverse}"
	fi
}


#----------------------------------------------#

source "${LIB_LTFLIB}"
Main_LTFLIB $@
